McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 45

Product guide for use with ePolicy Orchestrator 4.5

Configuring IPS Policies
Define IPS protection
updated, every process listed in the information cache of running processes is compared against
the updated list. If the list indicates that a process should be hooked and it's not already hooked,
that process is hooked. If the lists indicate that a process should not be hooked and it is already
hooked, that process is unhooked.
The process hooking lists can be viewed and edited on the Application Protection Rules tab.
The client user interface, unlike the view on the IPS Rules policy, shows a static list of all hooked
application processes.
NOTE:
To prevent injection of a DLL into an executable when using hook:set_windows_hook,
include the executable in the Application Protection List.
Configuring IPS application protection rules
Edit, add, and delete rules and move rules to another policy from the Application Protection
Rules tab of the IPS Rules policy.
Task
For option definitions, click ? in the interface.
1. Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: IPS in the Product list and IPS Rules in the Category list. The list of policies appears.
2. Under Actions, click Edit to make changes on the IPS Rules page, then click the Application Protection Rules tab.
3. Perform any of the following operations:
   To...: Do this...
   - Find an application rule in the list: Use the filters at the top of the application list. You can filter on rule status, inclusion, or specific text that includes process name, process path, or computer name. Click Clear to remove filter settings.
   - Edit an application rule: Under Actions, click Edit.
   - Add an application rule: Click New.
   - Delete an application rule: Under Actions, click Delete.
   - Copy an application rule to another policy: Select a rule and click Copy To to copy it to another policy. Indicate the policy to which to copy the rule and click OK.
     NOTE: You can copy several rules at one time by selecting all the rules before clicking Copy To.
4. Click Save to save any changes.
Creating application protection rules
If the IPS Rules policy does not have an application protection rule that you need in your
environment, you can create one.
Task
For option definitions, click ? in the interface.
1. On the IPS Rules policy Application Protection Rules tab, do one of the following:
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5    45


This manual is also suitable for:

Host intrusion prevention 8.0
